
Spring-social-security

Oct 14th, 2011, 04:11 PM

Hi,

First of all... great work, guys.

I just have a couple of questions, hope you can point the way to go.
Currently I just started working with Spring Social and so far I have integrated it into my web project. But what I really aim to do is to have a spring-social-security integration (that would be great). I just wanna know if you are planning to add this functionality in the 1.1 release and when this release is scheduled? Should I wait for the release or go with the code of the following links?

Tighter integration with Spring Security is on the roadmap for 1.1, but there has been no date scheduled for that release yet. I'll be considering the approach taken in those links as I design, but it's too early to tell how closely it will resemble those.

Comment

I had been checking molindo's code at https://github.com/molindo/spring-social/tree/security (I know you are aware of it). I wanna try to integrate this into a JSF architecture with Spring Security. So far I have downloaded the code onto my PC (not that much). I just wanna know if you could give any hint about how to do this.

Comment

Hi Michael,
I am thinking of using your work socialsignin/spring-social-security for my project.
Do you have any stable version released? Basically I need to integrate spring-security for Facebook login and I don't use Spring MVC.

Comment

Thanks for your interest in spring-social-security - at the moment the module is still a work in progress, so no stable version as of yet I'm afraid.

The module is really designed to work with the Spring MVC components provided by Spring Social - if you are not using Spring MVC then whether the module will be what you need for your application will depend on how you are using the other parts of Spring Social.

With spring-social-security a SpringSocialSecurityAuthenticationFilter is registered with Spring Security - this filter authenticates a user after they sign in with a provider such as Facebook. A prerequisite for this filter is that access tokens obtained from providers are stored in a UserConnectionRepository (from Spring Social), and that this UserConnectionRepository is used as the primary source for local user accounts for your application.

Spring Social provides MVC controllers out of the box, which manage the authentication flow with a provider and which store access tokens in the UsersConnectionRepository.

If you are not using Spring MVC then you'll need to provide your own mechanism for managing user authentication flow. You may still be able to use the spring-social-security authentication filter if you:

1) Store the access tokens obtained on authorisation into the UserConnectionRepository (from Spring Social), either using the Spring MVC components from Spring Social, or using your own controllers in an alternative framework.

2) Intend to use this UserConnectionRepository as your primary user details source for your application (i.e. you don't have a separate user database outside of Spring Social)

3) Place an instance of SpringSocialSecuritySignInDetails into the session after authentication from Facebook before redirecting to the authentication filter (see SpringSocialSecuritySignInService).

If your application is configured in this way then in theory you could register the SpringSocialSecurityAuthenticationFilter with your spring security configuration, but it may be easier to create your own filter which mimics the behaviour of SpringSocialSecurityAuthenticationFilter but hooks into your own MVC controllers/user details store.
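
Added example, not part of the original post and not spring-social-security's own code: a sketch of the "create your own filter" option, using Spring Security's `AbstractAuthenticationProcessingFilter` and Spring Social's `UsersConnectionRepository`. The class name, session key, processing URL and `ROLE_USER` authority are assumptions; your own provider-callback code is assumed to set the session key only after the provider has confirmed the sign-in.

```java
import java.io.IOException;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.social.connect.Connection;
import org.springframework.social.connect.UsersConnectionRepository;

// Hypothetical filter for illustration; the base class still requires its
// authenticationManager property to be set in the Spring Security configuration.
public class SocialSignInFilter extends AbstractAuthenticationProcessingFilter {

    // Hypothetical session key. It must be written server-side by the provider
    // callback handler only, never copied from a request parameter.
    public static final String SIGNED_IN_USER_ID = "social.signedInUserId";

    private final UsersConnectionRepository usersConnectionRepository;

    public SocialSignInFilter(UsersConnectionRepository usersConnectionRepository) {
        super("/social-authenticate"); // hypothetical URL the callback redirects to
        this.usersConnectionRepository = usersConnectionRepository;
    }

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws IOException, ServletException {
        HttpSession session = request.getSession(false);
        Object userId = (session == null) ? null : session.getAttribute(SIGNED_IN_USER_ID);
        if (!(userId instanceof String)) {
            throw new BadCredentialsException("No provider sign-in recorded in this session");
        }
        session.removeAttribute(SIGNED_IN_USER_ID); // single use: cannot be replayed

        // The repository is the user store, so require at least one stored connection.
        boolean connected = false;
        for (List<Connection<?>> perProvider : usersConnectionRepository
                .createConnectionRepository((String) userId).findAllConnections().values()) {
            connected |= !perProvider.isEmpty();
        }
        if (!connected) {
            throw new BadCredentialsException("No stored provider connection for this user");
        }
        // The three-argument constructor yields an already-authenticated token.
        return new UsernamePasswordAuthenticationToken(
                userId, null, AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
}
```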